Important Notification: New service-linked roles added to your account

[Amazon Web Services]

New service-linked roles added to your account

Dear Amazon Web Services customer, You are receiving this email because you use one or more AWS services that perform actions (e.g., create and manage AWS resources) on your behalf, and we are making these actions more transparent. For example, AWS OpsWorks Stacks creates Amazon Elastic Compute Cloud (EC2) instances and accesses Amazon CloudWatch for monitoring. To make AWS actions in your account more transparent, AWS will create AWS Identity and Access Management (IAM) service-linked roles in your account. Each service-linked role will delegate permissions to an AWS service, called its linked service. All actions performed on your behalf by the linked service will appear in your AWS CloudTrail logs. What will change? AWS will add a service-linked role for each linked service you are currently using. You will see these service-linked roles appear in the list of IAM roles from the IAM console. Each service-linked role has the required permissions for the linked service to perform actions on your behalf. You can view these permissions by clicking on the service-linked role from role page in the IAM console. For information about which services support service-linked roles, see AWS Services That Work with IAM. Over time, more AWS services will support service-linked roles. What are the benefits? Unlike a normal IAM role, you cannot delete a service-linked role if the linked service is still accessing an underlying resource in your account. This protects you from inadvertently revoking permissions required by the linked service. These roles also help with monitoring and auditing requirements by providing a transparent way to understand all actions performed on your behalf because CloudTrail logs all actions performed by the linked service. What actions do I need to take? There is no action required from you. You can continue using the AWS services the way you do today. You can learn more about the change by referring to the IAM documentation on Service-linked roles added to your account. If you are interested to know more about service-linked roles, please refer to our documentation on service-linked roles. If you have any questions or concerns, please post them to the IAM forum or contact AWS support. Sincerely, Amazon Web Services

My Account | Getting Started | Products | Solutions | Pricing | Partners | Documentation | Training | Events & Webinars | AWS Activate | Marketplace | What's New | Blog View Online | Forward to a Friend Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services, Inc., 410 Terry Ave. North, Seattle, WA 98109-5210. © 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. View our privacy policy.